Archive for the ‘Secrecy and encryption’ Category

I will be teaching a 2-day course, 9-5 on January 10 and 11, on Privacy, Secrecy, and Censorship. This Harvard Division of Continuing Education Professional Development course is for anyone who wants to learn about the digital explosion in one short burst, for either professional or personal reasons.

Several of my colleagues are also teaching fascinating short courses in January, listed on the same web page. There are links for inquiries and registration, or just shoot me an email, to lewis@harvard.edu if you want to get info from the horse’s mouth!

At a trade show he found an equipment manufacturer making these claims about a box it was offering for sale to government investigators:

“Users have the ability to import a copy of any legitimate key they obtain (potentially by court order) or they can generate ‘look-alike’ keys designed to give the subject a false sense of confidence in its authenticity. … IP communication dictates the need to examine encrypted traffic at will. … Your investigative staff will collect its best evidence while users are lulled into a false sense of security afforded by web, e-mail or VOIP encryption.”

To back up a step, SSL encryption — which lies underneath the secure browsing you take for granted when you see “https” preceding a URL such as bankofamerica.com — does not by itself guarantee that the site to whom you are connected is in fact the site of the Bank of America. Your browser relies on the site presenting a certificate, and a certificate authority certifying that the certificate really does belong to Bank of America. There are hundreds of these third party certificate authorities — Verisign is the one you are most likely to have heard of — and there is a protocol for those authorities themselves to be certified as reliable. If a certificate authority is issuing bogus certificates — “certifying” that the FBI is really Gmail, for example — then the impostor could read your email or banking transactions, and no one would be the wiser.

What else could the company, Packet Forensics, mean by promising to provide a “false sense of security”? Its answers to Wired, which called the company, certainly are not reassuring.

Company spokesman Ray Saulino initially denied the product performed as advertised, or that anyone used it. But in a follow-up call the next day, Saulino changed his stance.

“The technology we are using in our products has been generally discussed in internet forums and there is nothing special or unique about it,” Saulino said. “Our target community is the law enforcement community.”

Good for Chris. It will be interesting to see how many worms come out of this can. For good summaries, read the Wired or EFF news items. But the paper itself is well written and does not require an advanced education to read.

The Associated Press reports a strange case in which a Facebook user logged into her account from her cell phone and wound up in someone else’s. Except it turns out that though strange, it is not unprecedented. A couple of people even wound up in each other’s accounts.

It’s a little hard to figure out what is going on, but it seems that the wrong cookie (code identifying the Facebook account) got installed on the user’s cell phone. According to the story, it’s AT&T’s fault, though it is hard to be sure since all the cases involve not just the same carrier but the same web service (Facebook) and the same Nokia phones. If, as reported, it’s a bug in AT&T’s cell-phone-to-Internet connection, it’s easy to imagine that a user might be taken to another’s Gmail account in the same way.

If the connection had been encrypted, that would probably have prevented the cookie bug from doing any harm. But Facebook does not use encrypted connections.

Which reminds me of something I should have mentioned earlier. In what was already a good week for Google on the privacy front, because of its announcement that it would stand up to the Chinese censors, Google announced in a much less publicized blog post that it was going to enable https by default for Gmail. That is, up to now, your Gmail has flowed to you in plaintext, available for sniffing and snooping anywhere in the Internet. There was always a way to change that default and have your Gmail encrypted, but it took a little digging to find the check box and few people bothered. The disadvantage to Google in making encrypted email the default is that the encryption takes time, so Google had to upgrade its systems, costing them money. Now they have decided to to exactly that, and once again, good for them!

My guess is that it’s as simple as this: the http returned by a request to “www.facebook.com” was cached by AT&T and delivered to other users who attempted to fetch that URL in an attempt to save bandwidth. The login credentials are irrelevant… once AT&T cached the page it thought of as “www.facebook.com” it would deliver it to anyone who asked for that URL. It probably only changed for the next person because someone insisted on logging out and back in, and the caching server detected the change then re-cached the NEW user’s page. This used to happen a lot on the internet to unencrypted streams that allowed log-ins. These days most caching servers are properly configured, but it’s still an easy mistake to make if you’re setting up a caching proxy.

That is, sometimes an ISP will cache (keep its own local copy) of a web page it retrieves from a server so the ISP can deliver it to multiple users who may request it without going back to the server for a fresh copy each time. Obviously this is the wrong thing to do if there is any possibility that the page may change in an important way in between requests that the ISP is receiving. Perhaps it was just delivering one party’s version of “facebook.com” (a logged in page) to another user who also asked for “facebook.com”. Whatever it was doing, it was wrong! And reminds us that nothing in a distributed system ever works better than the poorest code that gets invoked. Even retrieving a web page involves lots of parties.

Incredibly, the signals between the unmanned drones being used in Iraq and Afghanistan and their base stations are transmitted in the clear — unencrypted. The insurgents have figured that out and are watching the same scenes that our military is watching. The Wall Street Journal says the system has been “hacked,.” Not really — no more, as a colleague put it to me, than someone who buys a police scanner is “hacking” the police radio system.

Encrypting signals is easy, obvious, and taken for granted. How could the system have been designed and deployed without it?

In Blown to Bits we spend all of Chapter 5 making the argument that (a) perfect secrecy is possible through public key encryption and (b) almost no one encrypts their email anyway. Why this would be the case is one of those small mysteries of the universe. Few of us actually know people who know that their email has been read, but most of the time we’d have no way to know that. If you are sitting in Starbucks and the guy with the double mocha latte is running a packet sniffer, you’d never know the difference.

Today’s New York Times has the kind of story that might lead more people to take the issue seriously. It seems likely that the NSA is snooping on more email than they’d like to admit. The simple fact that the cost of surveillance has plummeted in itself makes abuse more likely. (THe NSA doesn’t need to loiter at Starbucks. They can get access to ISPs’ switching equipment.)

If you use Google’s Gmail, you can encrypt all your mail. The preference setting is pretty obscure, and you have to opt-in: the default is no encryption. Chris Soghoian, I, and a number of other computer scientists and security experts have just called on Google to make encryption the default. Our letter explains it all: You can read it here.

Someone working for a defense contractor in Bethesda, Maryland did what millions of teenagers do — he installed a peer-to-peer filesharing program on his computer so he could share and download music. He evidently was unaware that the same permission that allows computers elsewhere to reach into his computer and take copies of songs also allows those computers to reach in and take other files stored on his computer. Such as, for example,¬†engineering and communications information about Marine One, President Obama’s helicopter, which turned up on a computer with an IP address locating it in Teheran, Iran. Oops! The story goes on to explain,

Retired Gen. Wesley Clark, an adviser to Tiversa [the company that made the discovery], said the company discovered exactly which computer the information came from. “I’m sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went.”

Well, General Clark may be half-right there; no doubt they identified the source. But who knows where else that information now is? Once it’s out there, there is no taking it back.

The bad guys are out there, just checking who’s left the back door unlocked. I doubt this computer in Bethesda is the only one.

Thanks for the tip to my colleague Matt Welsh, who is, by the way, running his own blog. The most recent item is about his experience of blowing his music to bits — that is, freeing his music collection from the plastic CDs that used to contain it.

It was reported last week (see the Crimson story, for example) that the amount for which Facebook settled the litigation brought against it by the Winklevosses, two of Mark Zuckerberg’s contemporaries at Harvard, was $65M. That number was supposed to be secret, but Facebook’s former lawyers released it by accident. How?

Turns out, exactly the same way the details of the Calipari report, discussed at the beginning of Chapter 3, became public. The law firm “redacted” the number from a document it then made public, but it did the redaction simply by placing a white bar over it in the PDF file. The actually $65M number was still in the file.

You can do it yourself — it takes only a few seconds — try it, it’s fun! Click on this link to download and open the PDF of the court transcript as redacted and released. Go to the bottom of page 22, where there is some white space preceded by the word “[REDACTED].” Select the white space (it runs from the last part of one line to the first part of the next) and copy it — as though you were just copying a bunch of spaces. Now paste it into any word processor — bingo, like magic, the words “$65 MILLION” appear. They were there all along, covered by the white redaction bar — probably just “highlighting” applied using Adobe Acrobat or some similar tool, with the highlighter color changed to white.

In Blown to Bits we give two other examples of this mistake, in addition to the Calipari report. You would think that law firms would understand this by now! There are easy ways to avoid it. Oh dear — if it was some poor unsupervised paralegal or staffperson who did it, I feel sorry for him or her. But really, there can be no excuse for the firm.

On pages 73-77 of Blown to Bits, we go through three cases in which editors electronically redacted documents to remove sensitive information, not realizing that the way they were doing the redaction changed only the way the document appeared on the screen. The internal representation of the document still included the redacted text, which a simple cut and paste operation disclosed.

Not the most fascinating part of the book, I’ll bet. In fact, I’ll bet some of you skipped over it fairly quickly.

These were serious mistakes with big consequences. I hadn’t heard any recent reports of similar failures.

But the underlying problem hasn’t gone away. The electronic “document” metaphor is too convincing. It’s easy for a editor to infer that what is happening on the screen is what is really happening to the computer file.

A few days ago, it was disclosed that the value put on Facebook at the time the settlement with ConnectU was a lot less than it might have been, had the value been based on Microsoft’s subsequent purchase of a percentage of Facebook. How do we know? The imputed value (and ConnectU’s settlement) were inadvertently revealed by Facebook’s lawyers. Revealed how? Here is the account offered by SiliconValley.com:

Large portions of that hearing are redacted in a transcript of the June hearing, but The Associated Press was able to read the blacked-out portions by copying from an electronic version of the document and pasting the results into another document.

How embarrassing. Moral: read Chapter 3. And remember it!

Added 2/13:¬†Here is the actual PDF. Go to page 22. At the bottom is some whited out text preceded by the word “REDACTED”. Select the white space on the screen (you can do this with any PDF reader) and copy it, then paste it into your usual wordprocessor. Like magic, the $65 million dollar figure appears!

President Obama is going to have a handheld, but it won’t actually be a Blackberry. It will be special military equipment, capable of entering a super-secure mode in which it can communicate only with identical equipment (presumably in the hands of military and intelligence personnel).

The Times story, as well as some others, state that it won’t be possible to forward presidential emails. I don’t know what that means. If Sasha gets an email on her home computer from her daddy, what would prevent her from taking a screen shot, or cutting and pasting the body of the message? It’s possible to restrict the President’s computer so that its functionality is limited, by I just don’t know how you could stop the recipient of one of his emails from using ordinary office software to manipulate it.

The New York Times reports that the National Archives is preparing to take ownership of 50 terabytes of Bush data — 50 times as much data as Clinton left behind. And yet important stuff may be missing, because of Vice President ¬†Cheney’s claims that only he can be the arbiter of what records are personal and what are national property. And then there is this comment from the Vice President:

‚ÄúI‚Äôm told researchers like to come and dig through my files, to see if anything interesting turns up,‚Äù Mr. Cheney said. ‚ÄúI want to wish them luck, but the files are pretty thin. I learned early on that if you don‚Äôt want your memos to get you in trouble some day, just don‚Äôt write any.‚Äù

And don’t turn over the ones you did write, I guess.

The Archives may be overwhelmed; it seems seriously possible that it will be next to impossible actually to find anything. The digital explosion indeed.